State computers with private information sent to surplus

OLYMPIA – At least four state agencies failed to erase confidential information from computers before unloading them for sale as surplus, according to a state audit released today.

Auditors randomly inspected computers from 13 state organizations sent to the surplus program over a six-week period last year and discovered several devices with information on their hard drives that should have been wiped off.

Those surplus computers containing information that should have been erased had come from four of the largest state departments: Ecology, Health, Labor &Industries, and Social and Health Services.

Under state law, government organizations cannot release computers for sale or surplus until all data including information such as Social Security numbers, medical information, and IT system and security information are erased.

“The (Office of the Chief Information Officer) and the organizations involved responded swiftly to our findings, stopping the release of surplus computers and improving data removal policies,” according to the report.

The Department of Enterprise Services runs the state’s surplus program.

In the last two years, state agencies, boards and commissions sent almost 20,000 computers to surplus when they were no longer needed, according to the report.

Those that don’t wind up with other state organizations, school districts, or non-profit groups are sold to the public at the DES Surplus Store in Tumwater or online.

The report did not explore what, if any, harm may have occurred as a result of the information not being released.